

A vulnerability with the screensaver password lock
Authored by: tjfarrell on Jun 06, '04 06:43:38PM

This is a flaw - in that the design allows an administrator more access than is needed for the required job. It is sensible that an administrator can override a password lock - the logged-in user may have gone on leave and forgotten to log out, or any number of things - and others need access to the computer.

But - the implementation allows the administrator more access than what is required. They get to see everything the user was doing. I discovered this problem myself only last week and was rather shocked.

If the screensaver lock detects an administrator who is not the current user - it should offer an option to log out the current user (forcibly quitting all their running applications without allowing the administrator to see the details).

You must always remember that the administrator of a multiple user machine may not be the primary user of the machine. The primary user may not have the relevant skills and may prefer not to have administrator privileges. Additionally, many company policies may deny them it anyway - reserving administrator privileges to the IT support group.

But - the normal user should still have the right to privacy of their information. They may be a far more important person than the person who has administrator access.

(Yes, the administrator can always look at all the user's files - but the user can use other techniques to get privacy at that level - FileVault, for example.)

--
T. Farrell



Dude, where's my vulnerability?
Authored by: yellow on Jun 10, '04 02:37:35PM

You wrote:
"But - the normal user should still have the right to privacy of their information. They may be a far more important person than the person who has administrator access."

In most multi-user environments, especially those at a company, the end user has NO privacy of information. The computer, and therefore all material on the computer, is owned by the company. If you need to hide what you are doing/what you have on your work computer, then you shouldn't be doing it at work.


